INFODAS SDoT Diode

The SDoT Diode is developed and manufactured in Germany following the Security by Design principle. As an unidirectional security gateway, the SDoT Diode allows government, defense, and critical infrastructure clients to maintain their confidentiality and integrity requirements for data provision or receipt in digitization and Industry 4.0 projects. Contrary to firewalls or bi-directional security gateways, data diodes don’t filter data according to policies that require continuous maintenance. Instead, a high degree of security is achieved by segmenting systems according to protection levels and enforcing unidirectional data flow. The main features of our data diode:

• 9.1 Gbit/s;
• Multi Protocol;
• Secure Architecture,

Since the 1980s data diode design follows the same hardware level separation principle. A fiber optic cable is used to enforce a physical separation between domains and enforce unidirectional data flow. In electronics a diode is a component that only allows current to flow in one direction. A data diode could also be created by cutting copper-leaders in a cable but that could still present a risk as they are not galvanically separated. Although the old approach to data diodes ensures physical separation of networks without a return channel, it doesn’t meet today’s requirements for bandwidth, reliability, space, project implementation speed, or bi-directional protocols. In contrast, the SDoT Diode, as a next-generation data diode, ensures logical separation of networks without a return channel due to its unique and evaluated security architecture. Side-channel attacks are prevented through the minimized kernel. The SDoT diode allows fast and high-performance unidirectional data transfer via numerous protocols in a compact form factor between two security domains. It also offers additional functions such as HTTP response status codes. In the field of critical infrastructures (e.g. factories, oil platforms, power stations, water treatment plants), the opposite is the case. Data from the isolated area with the industrial control systems (OT) are supposed to be made available for unclassified systems or the cloud. In the public sector especially in defense, intelligence and homeland security, data diodes are generally used to provide data from sensors or unclassified systems (LOW) to a classified system (HIGH). The top priority is to protect classified data in HIGH and prevent it from leaking to LOW under all circumstances.

• Database replication / updates;
• Transfer of sensor data (e.g. Radar, ELINT, Satellite);
• Lawful interception;
• Video / Audio streaming;
• Remote Screen View / Website mirror;
• Patch management and malware signatures;
• Logging and backup;
• Secure printing.

The reverse is the case in critical infrastructure (e.g. factories, oil & gas platforms, power plants, water treatment plants). Data residing in the mission-critical industrial control systems (HIGH) must be made available for IT systems or the cloud (LOW) through a data diode.  This could be machine data for monitoring in a remote supervisory command center or predictive maintenance in a big data analytics solution. The top priority is to prevent access from LOW to the industrial control systems (HIGH) under all circumstances.

• Database / Server replication (e.g. OPC, Modbus, Historian);
• Transfer of OT data;
• IT service management;
• Managed security services (SIEM to SOC);
• Video / Audio streaming;
• Remote Screen View;
• Patch management and malware signatures;
• Logging and backup;
• Secure printing.